Palo Alto Cheat Sheet – Panorama


Display the current operational mode.
> show system info | match system-mode

Switch from Panorama mode to Log Collector mode.
> request system system-mode logger

Switch from Panorama mode to PAN-DB private cloud mode (M-500 appliance only).
> request system system-mode panurldb

Switch an M-Series appliance from Log Collector mode or PAN-DB private cloud mode (M-500 appliance only) to Panorama mode.
> request system system-mode panorama

Switch the Panorama virtual appliance from Legacy mode to Panorama mode.
> request system system-mode panorama

Switch the Panorama virtual appliance from Panorama mode to Legacy mode.
> request system system-mode legacy

Panorama Management Server

Change the output for show commands to a format that you can run as CLI commands.
> set cli config-output-mode set

The following is an example of the output for the show device-group command after setting the output format:
# show device-group branch-offices
set device-group branch-offices devices
set device-group branch-offices pre-rulebase

Enable or disable the connection between a firewall and Panorama. You must enter this command from the firewall CLI.
> set panorama [off | on]

Synchronize the configuration of M-Series appliance high availability (HA) peers.
> request high-availability sync-to-remote [running-config | candidate-config]

Reboot multiple firewalls or Dedicated Log Collectors.
> request batch reboot [devices | log-collectors]

Change the interval in seconds (default is 10; range is 5 to 60) at which Panorama polls devices (firewalls and Log Collectors) to determine the progress of software or content updates. Panorama displays the progress when you deploy the updates to devices. Decreasing the interval makes the progress report more accurate but increases traffic between Panorama and the devices.
> set dlsrvr poll-interval <5-60>

Device Groups and Templates

Show the history of device group commits, status of the connection to Panorama, and other information for the firewalls assigned to a device group.
> show devicegroups name <device-group-name>

Show the history of template commits, status of the connection to Panorama, and other information for the firewalls assigned to a template.
> show templates name <template-name>

Show all the policy rules and objects pushed from Panorama to a firewall. You must enter this command from the firewall CLI.
> show config pushed-shared-policy

Show all the network and device settings pushed from Panorama to a firewall. You must enter this command from the firewall CLI.
> show config pushed-template

Log Collection

Show the current rate at which the Panorama management server or a Dedicated Log Collector receives firewall logs.
> debug log-collector log-collection-stats show incoming-logs

Show the quantity and status of logs that Panorama or a Dedicated Log Collector forwarded to external servers (such as syslog servers) as well as the auto-tagging status of the logs. Tracking dropped logs helps you troubleshoot connectivity issues.
> debug log-collector log-collection-stats show log-forwarding-stats

Show status information for log forwarding to the Panorama management server or a Dedicated Log Collector from a particular firewall (such as the last received and generated log of each type).

When you run this command at the firewall CLI (skip the device argument), the output also shows how many logs the firewall has forwarded.
> show logging-status device <firewall-serial-number>

Clear logs by type.

Running this command on the Panorama management server clears logs that Panorama and Dedicated Log Collectors generated, as well as any firewall logs that the Panorama management server collected. Running this command on a Dedicated Log Collector clears the logs that it collected from firewalls.
> clear log [acc | alarm | config | hipmatch | system | threat | traffic]
